The Mayor from the City of San Francisco Gavin Newsom met on Monday with the jailed Terry Childs convincing him to hand over the administrative passwords to the City's network.

Terry Childs, handed the passwords over to Mayor Newsom, who was "the only person he felt he could trust," according to a declaration filed in court by his attorney, Erin Crane. Newsom is ultimately responsible for the Department of Telecommunications and Information Services (DTIS) where Childs worked for the past five year.

The department now has full administrative control of the network, he said in an interview Tuesday night.

Childs' attorney has asked the judge to reduce Childs $5 million bail bond, describing her client as a man who felt himself surrounded by incompetents and supervised by a manager who he felt was undermining his work. "None of the persons who requested the password information from Mr. Childs ... were qualified to have it," she said in a court filing.

Childs intends to disprove the charges against him but also "expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger," his motion reads.

Source 1

Source 2

Press Release below:

Release Date: July 23, 2008

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010

The U.S. Departments of Health and Human Services (HHS) and Homeland Security (DHS) released guidance on allocating and targeting pandemic influenza vaccine. The guidance provides a planning framework to help state, tribal, local and community leaders ensure that vaccine allocation and use will reduce the impact of a pandemic on public health and minimize disruption to society and the economy.

"This guidance is the result of a deliberative democratic process," HHS Secretary Mike Leavitt said. "All interested parties took part in the dialogue; we are confident that this document represents the best of shared responsibility and decision-making."

"A severe pandemic has the potential to disrupt our everyday way of life," said DHS Assistant Secretary for Health Affairs and Chief Medical Officer Dr. Jeffrey Runge. "This guidance was developed to ensure that our nation's critical infrastructure remains up and running and we address the needs of all of our citizens, enabling the country to recover from a pandemic more quickly."

As part of developing the guidance, HHS held day-long public engagement and stakeholder meetings throughout the country and received more than 200 written public comments on the goals and objectives of pandemic vaccination. In all the meetings, stakeholders and the public identified the same four vaccination program objectives as the most important:

• Protect persons critical to the pandemic response and who provide care for persons with pandemic illness;
• Protect persons who provide essential community services;
• Protect persons who are at high risk of infection because of their occupation; and
• Protect children.

The guidance is also firmly rooted in the most up-to-date scientific information available and directly considers the values of our society and the ethical issues involved in planning a phased approach to pandemic vaccination.

The ultimate goal of the pandemic vaccination program is to vaccinate every person in the United States who wants to be vaccinated. Because pandemic vaccine cannot be made fast enough for everyone to be vaccinated at once, federal, state, local and tribal governments, communities, and the private sector can use the guidance to decide who should be vaccinated during this early stage to best protect people and communities.

The guidance's vaccination structure defines four broad target groups: people who 1) maintain homeland and national security, 2) provide health care and community support services, 3) maintain critical infrastructure and 4) are in the general population.

Everyone in the United States is included in at least one vaccination target group. People who are not included in any occupational group would be vaccinated as part of the general population based on their age and health status.

While vaccines are an important resource in a pandemic, vaccination will only be one of several tools to fight the spread of influenza if and when a pandemic emerges. Other tools include community public health measures, antiviral medications, facemasks and respirators, washing hands, and covering coughs and sneezes.

###

The story has of course received a large amount of coverage and apparently one of the writers over at InfoWorld has been given more on the story by an insider.

I am not going to post the story on my blog word for word but rather provide a link back to the story at InfoWorld. I think it is a worth while read, especially if you are an IT manager, or in upper management where you work. Also an important lesson for admins as well.

Paul Venezia does an excellent job with the story and I prefer you read it directly from him, since the source contacted him with the information provided. Paul, thanks for the coverage.

Please read the full store here : InfoWorld, Why San Francisco's network admin went rogue.

In San Francisco an IT administrator was arrested after locking the system to other administrators and refuses to give up the password.

The employee, 43-year-old Terry Childs, was arrested Sunday. He gave some passwords to police, which did not work, and refused to reveal the real code.

The system in question is a multi-million dollar computer system for San Francisco that handles sensitive data such as city payroll files, jail bookings, law enforcement documents, and official e-mail for San Francisco.

While the network is currently functioning, administrators have little to no access to the system.

There are those out there that would argue with me, (since we have before) but many would agree that this is a Computer Security and Business Continuity issue.

Computer Security 101, no one person should be able to access the system the way Terry Childs did and lock out other administrators to the degree that he has done.

I am not going to take a deep dive into computer security here now but I urge all IT security departments to review policies. Especially concerning the sharing of passwords, review permissions policies, and look at the scenario, can any one person in my IT department deny global access or lock up my system? Go here for more on Computer Security. Childs created a password that granted him exclusive access to the system.

Though no reason for the malicious insider attack to the system has yet been established it has been reported that mister Terry Childs was cited recently for poor performance.

Even though the system is up and running he could have just as easily brought down part of, if not the entire network and it is being estimated that the cost to repair the damage will be several million dollars.

In this day and age insider threat is very real, and your business continuity plan, and security policies should account for such possibilities of the rouge IT administrator.

For more on this story please see the sources below.

Source 1
Source 2

Here is an incident that happened in Australia on June 3rd 2008, that was brought to my attention Chris Miller of B4Crisis.

Chris miller deserves full credit for bringing this to my attention, as well as conducting the research provided in this posting. She will also be providing a follow up to the story at a later date as well.

Note: I left the article unedited as far as content and the posting does not follow the usual format but all sources for the story are located within the posting. Thank you Chris Miller for providing this information.

Varanus Island, WA Gas explosion and fire

What went wrong?

On 3 June 2008 at 1340 hours (local time), an explosion occurred. There were no injuries and all personnel were accounted for. Most were evacuated safely by helicopter, although 13 remained to fight the resulting fire and monitor the situation.

The explosion and fire affected gas export pipelines that deliver gas for domestic and industrial use. Initially, it was thought gas supply would be affected for a number of days. This is now thought to be for a number of months.

Source http://en.wikinews.org/wiki/Apache_pipeline_fire_-_Varanus_Island,_Western_Australia

Wednesday 4 June 2008 - A pipeline rupture and fire at Apache Corporation's Vanarus Island facility in Western Australia has reduced the supply of natural gas to Western Australia by 30%. 153 employees have been evacuated and 13 employees remain on the island to monitor the situation.

Steven Farris, Apache's president and CEO said "No one was injured, all personnel are safe, and the rupture and fire appear to be contained on the island...At this time, we cannot estimate when throughput will be resumed." The facility was producing approximately 330 million cubic feet (MMcf) of natural gas and 8,000 barrels of crude oil per day, this has been reduced to 200 MMcf and 5,000 barrels per day.

Western Australian Minister for Energy Fran Logan said that residential supplies were unlikely to be affected but has called on Western Australians to conserve the use of natural gas. Minister Logan said that Apache supplies primarily large volume users like Alinta Gas and Alcoa, and the major industrial users will be hit the hardest. The aluminum refineries owned by Alcoa, which are dependent on natural gas, have switched to diesel to maintain production.

Apache representatives, including its managing director Tim Wall and fire experts from Singapore, are heading to the site to extinguish the fire and assess the damage. Wall said, during a news conference in Perth today, that a small fire on a vent had already been extinguished. Apache has also declared a clause in its supply contracts to remove liability for unavoidable catastrophes that prevent them from fulfilling obligations under the contract.

http://www.abc.net.au/news/video/2008/06/04/2265254.htm (excellent video shot the following day from Local ABC helicopter – no voice over)

Interdependencies – 30% of Western Australia’s gas supplies were lost when Varanus Island was shut down.

Impact of mining operations is great and costly. Some cannot fail over to diesel and doing so it much more expensive. Some of the major export miners are granted staff leave and conducting maintenance work on their plant.

Economic impact are so great that the Premier (=Governor) of Western Australia called a crisis meeting within a matter of days of the incident occurring.

http://www.abc.net.au/news/stories/2008/06/09/2268668.htm (Premier chairs gas crisis meeting - video)

Background - Apache Energy runs the Varanus Island gas processing facility http://www.apachecorp.com/ and http://en.wikipedia.org/wiki/Apache_Corporation

Apache’s Australian operations in brief Exploration in Australia is focused in the offshore Carnarvon, Gippsland and Perth basins, where Apache holds 5.3 million net acres in 29 exploration permits, 10 production licenses, and five retention leases. Production operations are concentrated in the Carnarvon Basin with 10 production licenses, nine of which Apache operates. The Varanus Island processing and transportation hub is an important infrastructure asset. Apache plans additional drilling in the Flag Sandstone formations in the waters near Varanus and will resume its Exmouth Basin exploration program. In 2005, Apache began delivery of gas from the John Brooks field. Headquarters are in Perth, capital city of Western Australia.